Why SMTP and MX checks are key for email verification

Last Updated Feb 08, 2021
Emma Jagger

Engineer, maker, Google alumna, CMU grad

Checking user-inputted data from a form is something that every web developer has to do for a majority of his projects.

Most of the time, this process is relatively simple, but there are certain types of data for which verification is more complex. It is the case, for example, with emails addresses, for which verification is critical, mostly because essential processes of business rely on emails addresses, such as authentication or marketing.

How to properly verify an email address?

For the majority of data, a simple syntax check is sufficient. For example, if you ask your user to create a new password, you can sufficiently check its length and if it contains numbers, letters and special characters.

The date data-type format verification is simple to perform since it consists of 3 groups of numbers. But to make sure that the date exists, you need an extra step to match it to a calendar.

The same is true for email addresses, for which a simple syntax check is not enough. An email address such as idonotexist@meneither.com is very likely to don't exist, and your verification scripts must be able to detect it.

How does an email transit to your recipient's server?

Let's dwell for a few moments on email servers' basic functioning to illustrate the rest of this article.

When you send an email, your email client is configured to connect to your SMTP server. Your server will then need to determine which SMTP server to push your message to reach its recipient.

The part after the @ symbol determines the domain hosting your recipient's mailbox in an email address. Your SMTP server will query the target domain to check for its MX fields, which point to the mail servers for this domain.

The final step is to connect to the recipient's mail server and to transmit your message.

How an email address that doesn't exist can ruin my business?

Mail servers do not only exchange messages between them; they also have several mechanisms to fight against spam. An email server that receives too many messages destined to unexisting domains can automatically report the emitting domain as a potential spamming source.

Once your domain name received multiple spam suspicion reports, you could be considered a spammer and your mail server could be blacklisted. The consequence is that most of your emails will be blocked by spam filters before they have a chance to reach your recipients' mailboxes.

There are several ways to reduce the risk of being blacklisted. The first and easiest mechanism to set-up is to implement an email address verification script which ensures that the recipient's domain exists and contains email servers.

Why not check the existence of the mailbox against the recipient's SMTP server?

Those who know the SMTP protocol might want to implement a verification script to send the recipient's mail server the VRFY command. The VRFY command allows you to verify a mailbox's existence on an SMTP server, which could have been convenient in our situation. Unfortunately, most SMTP servers do not respond correctly to the VRFY command, making it unusable.

What is the best method to verify MX fields and SMTP configuration?

The fastest and cheapest way is to use an API to verify the email address's domain configuration.

Abstract Email Verification API is free and easy to use. It provides information on the MX fields and the SMTP server and additional interesting data about an email address, in real-time.

To use it, you only need to create an account on the Abstract website. Then you are ready to use the API. Here is an example with a curl command:


curl "https://emailvalidation.abstractapi.com/v1/?api_key=YOUR_API_KEY&email=johnsmith@gmail.com"

And here is the response:


{  
 "email": "johnsmith@gmail.com",  
 "autocorrect": "",
 "deliverability": "DELIVERABLE",  
 "quality_score": 0.90,  
 "is_valid_format": {
       "value": true,
       "text": "TRUE"
       },
 "is_free_email": {
       "value": true,
       "text": "TRUE"
       },
 "is_disposable_email": {
       "value": false,
       "text": "FALSE"
       },
 "is_role_email": {
       "value": false,
       "text": "FALSE"
       },
 "is_catchall_email": {
       "value": false,
       "text": "FALSE"
       },
 "is_mx_found": {
       "value": true,
       "text": "TRUE"
       },
 "is_smtp_valid": {
       "value": true,
       "text": "TRUE"
       },
 "quality_score": 0.90,  
}

Related articles